high
7.5
CWE
22
Advisory Published
Updated

CVE-2020-12116: Path Traversal

First published: Thu May 07 2020(Updated: )

Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
ManageEngine OpManager MSP<=12.3
ManageEngine OpManager MSP=12.4
ManageEngine OpManager MSP=12.4-build124000
ManageEngine OpManager MSP=12.4-build124011
ManageEngine OpManager MSP=12.4-build124012
ManageEngine OpManager MSP=12.4-build124013
ManageEngine OpManager MSP=12.4-build124014
ManageEngine OpManager MSP=12.4-build124015
ManageEngine OpManager MSP=12.4-build124016
ManageEngine OpManager MSP=12.4-build124022
ManageEngine OpManager MSP=12.4-build124023
ManageEngine OpManager MSP=12.4-build124024
ManageEngine OpManager MSP=12.4-build124025
ManageEngine OpManager MSP=12.4-build124026
ManageEngine OpManager MSP=12.4-build124027
ManageEngine OpManager MSP=12.4-build124030
ManageEngine OpManager MSP=12.4-build124033
ManageEngine OpManager MSP=12.4-build124037
ManageEngine OpManager MSP=12.4-build124039
ManageEngine OpManager MSP=12.4-build124040
ManageEngine OpManager MSP=12.4-build124041
ManageEngine OpManager MSP=12.4-build124042
ManageEngine OpManager MSP=12.4-build124043
ManageEngine OpManager MSP=12.4-build124051
ManageEngine OpManager MSP=12.4-build124053
ManageEngine OpManager MSP=12.4-build124054
ManageEngine OpManager MSP=12.4-build124056
ManageEngine OpManager MSP=12.4-build124058
ManageEngine OpManager MSP=12.4-build124065
ManageEngine OpManager MSP=12.4-build124066
ManageEngine OpManager MSP=12.4-build124067
ManageEngine OpManager MSP=12.4-build124069
ManageEngine OpManager MSP=12.4-build124070
ManageEngine OpManager MSP=12.4-build124071
ManageEngine OpManager MSP=12.4-build124072
ManageEngine OpManager MSP=12.4-build124074
ManageEngine OpManager MSP=12.4-build124075
ManageEngine OpManager MSP=12.4-build124081
ManageEngine OpManager MSP=12.4-build124082
ManageEngine OpManager MSP=12.4-build124085
ManageEngine OpManager MSP=12.4-build124086
ManageEngine OpManager MSP=12.4-build124087
ManageEngine OpManager MSP=12.4-build124089
ManageEngine OpManager MSP=12.4-build124095
ManageEngine OpManager MSP=12.4-build124096
ManageEngine OpManager MSP=12.4-build124097
ManageEngine OpManager MSP=12.4-build124098
ManageEngine OpManager MSP=12.4-build124099
ManageEngine OpManager MSP=12.4-build124100
ManageEngine OpManager MSP=12.4-build124101
ManageEngine OpManager MSP=12.4-build124102
ManageEngine OpManager MSP=12.4-build124168
ManageEngine OpManager MSP=12.4-build124169
ManageEngine OpManager MSP=12.4-build124175
ManageEngine OpManager MSP=12.4-build124176
ManageEngine OpManager MSP=12.4-build124178
ManageEngine OpManager MSP=12.4-build124181
ManageEngine OpManager MSP=12.4-build124182
ManageEngine OpManager MSP=12.4-build124183
ManageEngine OpManager MSP=12.4-build124189
ManageEngine OpManager MSP=12.4-build124190
ManageEngine OpManager MSP=12.4-build124191
ManageEngine OpManager MSP=12.5-build125000
ManageEngine OpManager MSP=12.5-build125002
ManageEngine OpManager MSP=12.5-build125100
ManageEngine OpManager MSP=12.5-build125101
ManageEngine OpManager MSP=12.5-build125102
ManageEngine OpManager MSP=12.5-build125108
ManageEngine OpManager MSP=12.5-build125110
ManageEngine OpManager MSP=12.5-build125111
ManageEngine OpManager MSP=12.5-build125112
ManageEngine OpManager MSP=12.5-build125113
ManageEngine OpManager MSP=12.5-build125114
ManageEngine OpManager MSP=12.5-build125116
ManageEngine OpManager MSP=12.5-build125117
ManageEngine OpManager MSP=12.5-build125118
ManageEngine OpManager MSP=12.5-build125120
ManageEngine OpManager MSP=12.5-build125121
ManageEngine OpManager MSP=12.5-build125123
ManageEngine OpManager MSP=12.5-build125124

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2020-12116?

    CVE-2020-12116 is classified as a high severity vulnerability due to its potential to allow unauthorized access to arbitrary files on the server.

  • How do I fix CVE-2020-12116?

    To mitigate CVE-2020-12116, upgrade your Zoho ManageEngine OpManager to version 12.5 build 125125 or later.

  • What types of systems are affected by CVE-2020-12116?

    CVE-2020-12116 affects Zoho ManageEngine OpManager versions up to and including 12.4, as well as specific builds up to 124196.

  • Can CVE-2020-12116 be exploited remotely?

    Yes, CVE-2020-12116 can be exploited remotely by an unauthenticated attacker through crafted requests to the affected system.

  • What actions should I take if I am using a vulnerable version of OpManager?

    If you are using a vulnerable version of OpManager, you should immediately upgrade to a patched version to protect your system from potential attacks.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203